IN THE CLAIMS: 



1 . (Currently Amended) A method for authenticating a first user in a protected network to 
an application shared cone urrently^i«titoaee>«^v with a second user in an unprotected network, 
said method comprising the steps of: 

the first user supplying a userlD and a password to a first server within said protected 
network for authentication for said application, said application residing in a third network 

configijrei1.M.a.llufier bejweCT 

said first server determining thai ^ :yf:tr^tr^ ,;-o- :v said 

userlD and password are authentic, and in response \ n * v said first server 

forwarding to said application an authentication key for said first user and a selection by said 
first user pertaining to said application , said password not being sent from said protected 
network into said third network to a ccess said application; and- 

said application determining that said key is authentic.^— 

•keyr and ah ipom _ - > 1 application complying with said selection by said first 

use r; and 

said second user supplying another userlD and another password to said application, said 

application determining that said other userlD and said other password are authentic, and in 
response , said application c omplying 
said ap plication. 
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2. (Currently Amended) A method as set forth in claim 1 wherein said applic ation complies 
with said selection made by said second u ser * itho] t_ a \d - cond user supplying an 



3. (Original) A method as set forth in claim 1 wherein said protected network and said third 
network are both controlled by a same entity. 

4. (Currently Amended) A method as set forth in claim 1 wherein said third network is a 

Demilitarized Zone (" DM Z") network and acts as a security buffer for said protected network . 



5. (Original) A method as set forth in claim 1 wherein said unprotected network is an Internet. 



6. (Original) A method as set forth in claim 3 wherein said unprotected network is an Internet. 

7. (Currently Amended) A method as set forth in claim 1 wherein said selection by said first 
user is a request to said application, and said selection by said second user is a request to said 
application. ^ - . V t ^ --s- ^ 

Claims 8-10 (Canceled) 

1 1 . (Currently Amended) A method as set forth in claim 1 wherein said application is an 
electronic meeting application, ttmi both said first user and said second user 
concurrenil y ytr^-t- --.w^- participate in a same meetin g, and salt 1 [ ■ A j : . elects a screen that 
is concurrently presented to both said first user and said second user . 



12. (Original) A method as set forth in claim 1 1 wherein said selection by said first user is a 
selection of an electronic meeting in which to participate. 
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13. (Original) A method as set forth in claim 1 further comprising the step of said application 
sending to said first server said authentication key before the step of said first server forwarding 
to said application said authentication key. 

14. (Original) A method as set forth in claim 1 wherein said authentication key is self 
authenticating based on whether a period during which the key is valid matches a scheduled 
period of use of said application, and whether an IP address of said first user is from said 
protected network. 

Claim 15 (Canceled) 
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16. (Currently Amended) An authentication system comprising: 
an application on a first server in a first network; 

a second server in a second, protected network to receive from a first user within said 
second network a userlD and a password for authentication for said application, said second 
server including means for checking authentication of said first user based on said userlD and 
password, and if said first user is authentic, said second server forwarding to said application an 
authentication key for said first user and a selection by said first user pertaining to said 
applicatio n, said ] ia ss \\ ordjiojLbcinjJsent^ into said first network to 

access said application : and 



said application including means for checking authentication of said key, and if authentic, 
complying with said selection by said first user; and 

a workstation in a third, unprotected network for a second user, said application being 
shared concurrentlv simak-angetisl^ with said first and second users , said first network configured 
M.a buffcr between said second, protected network and said third, unprotoefqi network: and 
wherein 

said application receives from said second user another userlD and another password, 

and includes means for determining that said other userlD and other password are authentic, and 
in res ponse, complying with a selection made by said second user pertaining to said application. 
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17. (Currently Amended) A system as set forth in claim 16 wherei n said application 
complies with said selection made by said second user without said second user supplying an 



18. (Original) A system as set forth in claim 16 wherein said first and second servers and said 
first and second networks are all controlled by a same entity. 

19. (Currently Amended) A system as set forth in claim 16 wherein said first network is a 

Demilitarized Zone (" DM Z") network and acts as a security buffer for said protected network . 

20. (Original) A system as set forth in claim 16 wherein said unprotected network is an Internet. 
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21 . (Currently Amended) A computer program product for authenticating a first user in a 
protected network to an application shared simultaneously with a second user in an unprotected 
network, md,aMhmticating,Md,,second user to said application, said program product 
comprising: 

a computer readable medium; 

first program instructions, forte executione on a first server within said protected 
network, to receive from the first user a userlD and a password for authentication for said 
application, said application residing in a third network _cc>nfigured_ as. a scaHiK hu fTu l^or\s o-.-i 
said protected network and said unprotected network ; 

second program instructions, forte executione on said first server, to check authentication 
of said first user based on said userlD and password, and if said first user is authentic, to forward 
to said application an authentication key for said first user and a selection by said first user 
pertaining to said application, said password not being sent from said protected network into said 
third network to ac cess said application.; -md- 

third program instructions in said application to check authentication of said key, and if 
authentic, comply with said selection by said first user; and wherein : 

fourth program instructions in said application to receive from said second user another 

userlD and another password, determine if said other userlD and other password are authentic, 
and if so. i rihjcjtigjLtojCom^ second user 

pertaining to ~m i u- id wherein 

said first, second 1 -em4 thir d and fourth program instructions are recorded on said medium 

in functional form . 
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22. (Currently Amended) A computer program product as set forth in cj tirxi 2j therein said 
application complies with said selection made by said second user without said second user 

sM&baafiJffl&ito *t» 
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Please enter new claims 23-26, as follows: 

23. (New) A method for authenticating a first user of a first computer in a protected network 
to a second computer executing an application, a second user of a third computer in an 
unprotected network and said first user of said first computer concurrently sharing said 
application, said second computer residing in a third network configured as a buffer between 
said protected network and said unprotected network; said method comprising the steps of: 

the first computer supplying a userlD and a password of the first user to a fourth 
computer in said protected network for authentication for said application; 

said fourth computer determining that said userlD and password are authentic, and in 
response, forwarding to said second computer an authentication key for said first user, said 
password not being sent from said protected network into said third network to access said 
application; 

said second computer determining that said key is authentic, and in response, complying 
with a selection by said first user pertaining to said application; and 

said third computer supplying another userlD and another password of said second user 
to said second computer, said second computer determining that said other userlD and said other 
password are authentic, and in response, said application complying with a selection made by 
said second user pertaining to said application. 

24. (New) A method as set forth in claim 23 wherein said application complies with said 
selection made by said second user without said second user or said third computer supplying an 
authentication key to said second computer or said third network. 

25. (New) A method as set forth in claim 23 wherein said protected network and said third 
network are both controlled by a same entity. 
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26. (New) A method as set forth in claim 23 wherein said third network acts as a security 
buffer for said protected network. 
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